Aggregator

11月16日，“安全攻防对抗专场”不见不散！（文末有福利哦~）

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability
• CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Checkmarx has observed a novel npm supply chain attack using Ethereum smart contracts to manage command-and-control (C2) operations

胡金鱼

去年 11 月发生故障的旅行者 1 号再次出现了通信问题。旅行者 1 号距离地球约 240 亿公里。10 月 16 日 NASA 飞行控制人员向探测器发送了一个启动加热器的例行指令，两天后 NASA 发现不知为何旅行者号的故障保护系统被触发了，导致了 X 波段发射器关闭。到 10 月 19 日通信完全中断。飞控团队对恢复通信不太乐观，因为旅行者 1 号的备用无线电发射器备依赖于更弱的不同频率，没人知道它是否能正常工作。数天后 NASA 深空网络收到了 S 波段发射器信号，该设备自 1981 年以来就没有使用过。NASA 表示正在收集信息弄清楚问题，恢复旅行者 1 号正常运行。但鉴于探测器已有 47 年历史，而且已进入星际空间 12 年，飞控团队唯一的指望是惊喜了。

The “You Dun” hacking group exploited vulnerable Zhiyuan OA software using SQL injection, leveraging tools like WebLogicScan, Vulmap, and Xray for reconnaissance. They further escalated privileges on compromised hosts with tools like traitor and CDK.  Active Cobalt Strike server leaked, revealing its use in various cyberattacks, including ransomware deployment (LockBit 3) and data theft. The […]

The post A Massive Hacking Toolkit From “You Dun” Threat Group Developed To Lauch Massive Cyber Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers discovered a Russian-linked threat actor, UNC5812, utilizing a Telegram persona named “Civil Defense. ” This persona has been distributing Windows and Android malware disguised as legitimate software designed to aid potential conscripts in Ukraine.  Once installed, these malicious apps silently deploy additional malware, including SUNSPINNER, while engaging in influence operations to undermine Ukrainian mobilization […]

The post Russian Hackers Attacking Ukraine Military With Malware Via Telegram appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

胡金鱼

In July 2024, the ransomware group Embargo targeted US companies using the malicious loader MDeployer and EDR killer MS4Killer. MDeployer deployed MS4Killer, which disabled security products, before executing the Embargo ransomware.  The ransomware encrypted files with a random six-letter extension and dropped a ransom note, while Embargo, operating as a RaaS provider, used double extortion […]

The post Embargo Ransomware Actors Abuses Safe Mode To Disable Security Solutions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

快来报名～

A vulnerability was found in Soap Lite up to 1.14. It has been rated as critical. This issue affects some unknown processing of the component XML Entity Hendler. The manipulation leads to improper resource management. The identification of this vulnerability is CVE-2015-8978. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Как мошенники обменяли тендеры на Lamborghini.

A vulnerability classified as critical was found in Zoho ManageEngine ADAudit Plus up to 8121. Affected by this vulnerability is an unknown functionality of the component Technician Reports Option. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-36485. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in David Lingren Media Library Assistant Plugin up to 3.19 on WordPress. Affected is an unknown function. The manipulation leads to os command injection. This vulnerability is traded as CVE-2024-51661. It is possible to launch the attack remotely. There is no exploit available.

前言过去几个月，我频繁地使用 ChatGPT 自学日语，体验到了前所未有的学习乐趣。最初，我只是打算写一个 ChatGPT 学语言的经验分享，然而整理资料的过程中，我发现 AI 外语学习类的产品和内容

This week was a total digital dumpster fire! Hackers were like, "Let's cause some chaos!" and went after everything from our browsers to those fancy cameras that zoom and spin. (You know, the ones they use in spy movies? 🕵️‍♀️) We're talking password-stealing bots, sneaky extensions that spy on you, and even cloud-hacking ninjas! 🥷 It's enough to make you want to chuck your phone in the ocean.

A vulnerability was found in Zoho ManageEngine ADManager Plus up to 7241. It has been rated as critical. This issue affects some unknown processing of the component Archived Audit Report. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-48878. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Google Safearchive. It has been declared as problematic. This vulnerability affects unknown code of the component Archive Extraction Handler. The manipulation leads to uncontrolled search path. This vulnerability was named CVE-2024-10389. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /editPayment.php. The manipulation of the argument recipt_no leads to sql injection. This vulnerability is uniquely identified as CVE-2024-10734. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.